User Perceptions of Smart Home IoT Privacy

Authors:
Serena Zheng

Princeton University, Princeton, NJ, USA

Princeton University, Princeton, NJ, USA
View Profile

,
Noah Apthorpe

Princeton University, Princeton, NJ, USA

Princeton University, Princeton, NJ, USA
View Profile

,
Marshini Chetty

Princeton University, Princeton, NJ, USA

Princeton University, Princeton, NJ, USA
View Profile

,
Nick Feamster

Princeton University, Princeton, NJ, USA

Princeton University, Princeton, NJ, USA
View Profile

Proceedings of the ACM on Human-Computer Interaction Volume 2 Issue CSCWArticle No.: 200pp 1–20https://doi.org/10.1145/3274469

Published:01 November 2018Publication History

Proceedings of the ACM on Human-Computer Interaction

Abstract

Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.

References

Alessandro Acquisti and Jens Grossklags. 2005. Privacy and rationality in individual decision making. IEEE security & privacy, Vol. 3, 1 (2005), 26--33. Google ScholarDigital Library
Noah Apthorpe, Dillon Reisman, and Nick Feamster. 2016. A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic. Workshop on Data and Algorithmic Transparency (2016).Google Scholar
Noah Apthorpe, Yan Shvartzshnaider, Arunesh Mathur, Dillon Reisman, and Nick Feamster. 2018. Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (2018). Google ScholarDigital Library
Abdullahi Arabo, Ian Brown, and Fadi El-Moussa. 2012. Privacy in the age of mobility and smart devices in smart homes. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom). IEEE, 819--826. Google ScholarDigital Library
Jef Ausloos, Els Kindt, Eva Lievens, Peggy Valcke, and Jos Dumortier. 2013. Guidelines for privacy-friendly default settings. ICRI Research Paper No. 12|2013 (2013).Google Scholar
Nellie Bowles. 2018. Thermostats, Locks and Lights: Digital Tools of Domestic Abuse. https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html. The New York Times (23 June 2018).Google Scholar
AJ Brush, Bongshin Lee, Ratul Mahajan, Sharad Agarwal, Stefan Saroiu, and Colin Dixon. 2011. Home automation in the wild: challenges and opportunities. In proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2115--2124. Google ScholarDigital Library
Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson. 2016. On Privacy and Security Challenges in Smart Connected Homes. In Intelligence and Security Informatics Conference (EISIC), 2016 European. IEEE, 172--175.Google Scholar
Barbara Carminati, Pietro Colombo, Elena Ferrari, and Gokhan Sagirlar. 2016. Enhancing user control on personal data usage in internet of things ecosystems. In Services Computing (SCC), 2016 IEEE International Conference on. IEEE, 291--298.Google ScholarCross Ref
Deborah Chambers. 2012. A sociology of family life .Polity.Google Scholar
Marshini Chetty, Ja-Young Sung, and Rebecca E Grinter. 2007. How smart homes learn: The evolution of the networked home and household. In International Conference on Ubiquitous Computing. Springer, 127--144. Google ScholarDigital Library
Eun Kyoung Choe, Sunny Consolvo, Jaeyeon Jung, Beverly Harrison, and Julie A Kientz. 2011. Living in a glass house: a survey of private moments in the home. In Proceedings of the 13th international conference on Ubiquitous computing. ACM, 41--44. Google ScholarDigital Library
Mauro Conti, Michele Nati, Enrico Rotundo, and Riccardo Spolaor. 2016. Mind The Plug! Laptop-User Recognition Through Power Consumption. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security. ACM, 37--44. Google ScholarDigital Library
George Demiris, Brian K Hensel, Marjorie Skubic, and Marilyn Rantz. 2008. Senior residents' perceived need of and preferences for “smart home” sensor technologies. International journal of technology assessment in health care, Vol. 24, 1 (2008), 120--124.Google Scholar
Lina Dencik and Jonathan Cable. 2017. The advent of surveillance realism: Public opinion and activist responses to the Snowden leaks. International Journal of Communication, Vol. 11 (2017), 763--781.Google Scholar
Serge Egelman. 2009. Trust me: Design patterns for constructing trustworthy trust indicators. Technical Report. Carnegie-Mellon University School of Computer Science.Google Scholar
Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 1065--1074. Google ScholarDigital Library
Murray Goulden, Peter Tolmie, Richard Mortier, Tom Lodge, Anna-Kaisa Pietilainen, and Renata Teixeira. 2018. Living with interpersonal data: observability and accountability in the age of pervasive ICT. New Media & Society, Vol. 20, 4 (2018), 1580--1599.Google ScholarCross Ref
Glenn Greenwald. 2013. NSA collecting phone records of millions of Verizon customers daily. The Guardian, Vol. 6, 06 (2013), 2013.Google Scholar
Glenn Greenwald and Ewen MacAskill. 2013. NSA Prism program taps into user data of Apple, Google and others. The Guardian, Vol. 7, 6 (2013), 1--43.Google Scholar
Broadband Internet Technical Advisory Group. 2016. Internet of Things (IoT) Security and Privacy Recommendations. Technical Report.Google Scholar
Consumers International. 2017. Testing our trust: consumers and the Internet of Things 2017 review. https://www.consumersinternational.org/media/154746/iot2017review-2nded.pdf .Google Scholar
Andreas Jacobsson and Paul Davidsson. 2015. Towards a model of privacy and security for smart homes. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on. IEEE, 727--732. Google ScholarDigital Library
A-Reum Jung. 2017. The influence of perceived ad relevance on social media advertising: An empirical examination of a mediating role of privacy concern. Computers in Human Behavior, Vol. 70 (2017), 303--309. Google ScholarDigital Library
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. “My data just goes everywhere:” user mental models of the internet and implications for privacy and security. In Symposium on Usable Privacy and Security (SOUPS). USENIX Association Berkeley, CA, 39--52. Google ScholarDigital Library
Johannes Knoll. 2016. Advertising in social media: a review of empirical evidence. International Journal of Advertising, Vol. 35, 2 (2016), 266--300.Google ScholarCross Ref
Hosub Lee and Alfred Kobsa. 2016. Understanding user privacy in Internet of Things environments. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT). IEEE, 407--412.Google Scholar
Jialiu Lin, Bin Liu, Norman Sadeh, and Jason I Hong. 2014. Modeling users' mobile app privacy preferences: Restoring usability in a sea of permission settings. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
Dominique Machuletz, Henrik Sendt, Stefan Laube, and Rainer Böhme. 2016. Users protect their privacy if they can: Determinants of webcam covering behavior. In Proceedings of the European Workshop on Usable Security (EuroUSEC'16). Internet Society, Reston, VA, USA .Google ScholarCross Ref
Michelle Madejski, Maritza Johnson, and Steven M Bellovin. 2012. A study of privacy settings errors in an online social network. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012 IEEE International Conference on. IEEE, 340--345.Google ScholarCross Ref
Kirsten Martin and Helen Nissenbaum. 2016. Measuring privacy: an empirical test using context to expose confounding variables. Colum. Sci. & Tech. L. Rev., Vol. 18 (2016), 176.Google Scholar
Kelly D Martin and Patrick E Murphy. 2017. The role of data privacy in marketing. Journal of the Academy of Marketing Science, Vol. 45, 2 (2017), 135--155.Google ScholarCross Ref
Simon Mayer, Yassin N Hassan, and Gábor Sörös. 2014. A magic lens for revealing device interactions in smart environments. In SIGGRAPH Asia 2014 Mobile Graphics and Interactive Applications. ACM, 9. Google ScholarDigital Library
Michelle L Mazurek, JP Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, et almbox. 2010. Access control for home data sharing: Attitudes, needs and practices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 645--654. Google ScholarDigital Library
Faith McCreary, Alexandra Zafiroglu, and Heather Patterson. 2016. The contextual complexity of privacy in smart homes and smart buildings. In International Conference on HCI in Business, Government and Organizations. Springer, 67--78.Google ScholarCross Ref
Emily McReynolds, Sarah Hubbard, Timothy Lau, Aditya Saraf, Maya Cakmak, and Franziska Roesner. 2017. Toys that listen: A study of parents, children, and internet-connected toys. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM, 5197--5207. Google ScholarDigital Library
Andrés Molina-Markham, Prashant Shenoy, Kevin Fu, Emmanuel Cecchet, and David Irwin. 2010. Private memoirs of a smart meter. In Proceedings of the 2nd ACM workshop on embedded sensing systems for energy-efficiency in building. ACM, 61--66. Google ScholarDigital Library
Pardis Emami Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Cranor, and Norman Sadeh. 2017. Privacy Expectations and Preferences in an IoT World. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
Johannes Obermaier and Martin Hutle. 2016. Analyzing the security and privacy of cloud-based video surveillance systems. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security. ACM, 22--28. Google ScholarDigital Library
Aafaf Ouaddah, Hajar Mousannif, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2017. Access control in the Internet of things: big challenges and new opportunities. Computer Networks, Vol. 112 (2017), 237--262. Google ScholarDigital Library
Charith Perera, Ciaran McCormick, Arosha K Bandara, Blaine A Price, and Bashar Nuseibeh. 2016. Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms. In Proceedings of the 6th International Conference on the Internet of Things. ACM, 83--92. Google ScholarDigital Library
Rebecca S Portnoff, Linda N Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner. 2015. Somebody's watching me?: Assessing the effectiveness of webcam indicator lights. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 1649--1658. Google ScholarDigital Library
Georg Regal, Elke Mattheiss, Marc Busch, and Manfred Tscheligi. 2016. Insights into Internet Privacy for Visually Impaired and Blind People. In International Conference on Computers Helping People with Special Needs. Springer, 231--238.Google ScholarCross Ref
Everett M Rogers. 2010. Diffusion of innovations .Simon and Schuster.Google Scholar
Jan H Schumann, Florian von Wangenheim, and Nicole Groene. 2014. Targeted online advertising: Using reciprocity appeals to increase acceptance among users of free web services. Journal of Marketing, Vol. 78, 1 (2014), 59--75.Google ScholarCross Ref
Irving Seidman. 2013. Interviewing as qualitative research: A guide for researchers in education and the social sciences .Teachers college press.Google Scholar
Pan Shi, Heng Xu, and Xiaolong Luke Zhang. 2011. Informing security indicator design in web browsers. In Proceedings of the 2011 iConference. ACM, 569--575. Google ScholarDigital Library
Anna Kornfeld Simpson, Franziska Roesner, and Tadayoshi Kohno. 2017. Securing vulnerable home IoT devices with an in-hub security manager. In Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on. IEEE, 551--556.Google ScholarCross Ref
Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli, and Olivier Mehani. 2015. Network-level security and privacy control for smart-home IoT devices. In Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on. IEEE, 163--167.Google Scholar
Vijay Srinivasan, John Stankovic, and Kamin Whitehouse. 2008. Protecting your daily in-home activity information from a wireless snooping attack. In Proceedings of the 10th international conference on Ubiquitous computing. ACM, 202--211. Google ScholarDigital Library
Murray A Straus, Richard J Gelles, and Suzanne K Steinmetz. 2017. Behind closed doors: Violence in the American family .Routledge.Google Scholar
Peter Tolmie, Andy Crabtree, Tom Rodden, James Colley, and Ewa Luger. 2016. “This has to be the cats”: Personal Data Legibility in Networked Sensing Systems. In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing. ACM, 491--502. Google ScholarDigital Library
Daphne Townsend, Frank Knoefel, and Rafik Goubran. 2011. Privacy versus autonomy: a tradeoff model for smart home monitoring technologies. In Engineering in Medicine and Biology Society, EMBC, 2011 Annual International Conference of the IEEE. IEEE, 4749--4752.Google Scholar
Catherine E Tucker. 2014. Social networks, personalized advertising, and privacy controls. Journal of Marketing Research, Vol. 51, 5 (2014), 546--562.Google ScholarCross Ref
Joseph Turow, Michael Hennessy, Nora Draper, Ope Akanbi, and Diami Virgilio. 2018. Divided We Feel: Partisan Politics Drive American's Emotions Regarding Surveillance of Low-Income Populations. (2018).Google Scholar
Emmanuel Sebastian Udoh and Abdulwahab Alkharashi. 2016. Privacy risk awareness and the behavior of smartwatch users: A case study of Indiana University students. In Future Technologies Conference (FTC). IEEE, 926--931.Google ScholarCross Ref
Daisuke Wakabayashi. 2018. California Passes Sweeping Law to Protect Online Privacy. https://www.nytimes.com/2018/06/28/technology/california-online-privacy-law.html. The New York Times (28 June 2018).Google Scholar
R Wang. 2013. June 10. Beware trading privacy for convenience. http://blogs.hbr.org/2013/06/beware-tradingprivacy-for-con. Harvard Business Review (2013).Google Scholar
Meredydd Williams, Jason RC Nurse, and Sadie Creese. 2016. The perfect storm: The privacy paradox and the Internet-of-Things. In Availability, Reliability and Security (ARES), 2016 11th International Conference on. IEEE, 644--652.Google ScholarCross Ref
Jong-bum Woo and Youn-kyung Lim. 2015. User experience in do-it-yourself-style smart homes. In Proceedings of the 2015 ACM international joint conference on pervasive and ubiquitous computing. ACM, 779--790. Google ScholarDigital Library
Allison Woodruff, Sally Augustin, and Brooke Foucault. 2007. Sabbath day home automation: it's like mixing technology and religion. In Proceedings of the SIGCHI conference on Human factors in computing systems. ACM, 527--536. Google ScholarDigital Library
Peter Worthy, Ben Matthews, and Stephen Viller. 2016. Trust me: doubts and concerns living with the internet of things. In Proceedings of the 2016 ACM Conference on Designing Interactive Systems. ACM, 427--434. Google ScholarDigital Library
Jie Wu, Jinglan Liu, Xiaobo Sharon Hu, and Yiyu Shi. 2016. Privacy protection via appliance scheduling in smart homes. In Computer-Aided Design (ICCAD), 2016 IEEE/ACM International Conference on. IEEE, 1--6. Google ScholarDigital Library
Rayoung Yang and Mark W Newman. 2013. Learning from a learning thermostat: lessons for intelligent systems for the home. In Proceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing. ACM, 93--102. Google ScholarDigital Library
Eric Zeng, Shrirang Mare, and Franziska Roesner. 2017. End user security & privacy concerns with smart homes. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
Yu-Qian Zhu and Jung-Hua Chang. 2016. The key role of relevance in personalized advertisement: Examining its impact on perceptions of privacy invasion, self-awareness, and continuous use intentions. Computers in Human Behavior, Vol. 65 (2016), 442--447. Google ScholarDigital Library

Index Terms

User Perceptions of Smart Home IoT Privacy
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Empirical studies in HCI
  2. Ubiquitous and mobile computing
    1. Ubiquitous and mobile devices
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Privacy Lessons Learnt from Deploying an IoT Ecosystem in the Home
EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security

Studies of privacy perception in the Internet of Things (IoT) include in-laboratory evaluations as well as investigations of purchase decisions, deployment, and long-term use. In this study, we implemented identical IoT configurations in eight ...
Read More
User-Centric Privacy Controls for Smart Homes
CSCW

The widespread adoption of smart home devices (SHD) has increased privacy concerns among users, yet user-friendly controls are lacking. While there is a large body of research focused on understanding privacy concerns and threat models of SHD users, ...
Read More
Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges
HCI for Cybersecurity, Privacy and Trust
Abstract
As smart home technology is becoming pervasive, smart home devices are increasingly being used by non-technical users who may have little understanding of the technology or how to properly mitigate privacy and security risks. To better inform ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Proceedings of the ACM on Human-Computer Interaction Volume 2, Issue CSCW
November 2018
4104 pages
EISSN:2573-0142
DOI:10.1145/3290265
Editors:
Karrie Karahalios
University of Illinois & Adobe
,
Andrés Monroy-Hernández
Snap Inc.
,
Airi Lampinen
Stockholm University
,
Geraldine Fitzpatrick
Vienna University of Technology
Issue’s Table of Contents
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 November 2018
Published in pacmhci Volume 2, Issue CSCW

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
internet of things
privacy
smart home
user interviews
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 279
  Total Citations
  View Citations
- 12,348
  Total Downloads
- Downloads (Last 12 months)2,405
- Downloads (Last 6 weeks)410
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

User Perceptions of Smart Home IoT Privacy

Proceedings of the ACM on Human-Computer Interaction

Abstract

References

Cited By

Index Terms

Recommendations

Privacy Lessons Learnt from Deploying an IoT Ecosystem in the Home

User-Centric Privacy Controls for Smart Homes

Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges